Only authorized wireless networks are allowed
A wireless network must not be operated without the knowledge and permission of the unit in which it operates. Rogue access points compromise security and interfere with normal operations.
The SSID OWL, or any prefix or suffix on that identifier may only be used according to a naming scheme released by IT Services, and the OWL family of SSIDs will be used only to provide standardised OWL services
This is in order to ensure users can configure their clients in any part of the Collegiate University, and receive an equivalent service wherever else that SSID is in use.
The SSID eduroam, or any prefix or suffix on that identifier, may not be used except for the purposes of the international eduroam service
It is a requirement of the University's participation in the eduroam Federation that we undertake to protect the use of the eduroam SSID namespace.
All wireless networks must be registered with IT Services by the local IT support staff
A database of all established networks, and who is responsible for them, will assist in maintaining control of the network and when considering and advising upon the installation of further networks.
The wireless network must be separated from any other University connected network
This is a basic security procedure. If it is part of a unit's main network, then anyone who connects to that access point will become part of that network.
User authorization is required before network access is allowed
This is self explanatory, and exists to support the University and Janet IT use regulations.
Strong data encryption must be used
Wireless network traffic is readily available for anyone to see, even if they have not associated with an access point. Encryption is necessary to ensure that data, such as passwords, cannot be seen.
Hosts offering services that compromise security shall not be permitted
Examples of this include proxy, relay, DHCP, routing services etc. This refers to client operations, not system provided facilities.
All associations must be recorded
In the event of abuse of the connection, for whatever reason, it is vital that the user concerned can be identified.